返回顶部

nginx 的location及rewrite

一.Nginx服务location区块说明

 利用location区块可以用于定位或者匹配网站资源信息,web服务的网站域名为www.augustyang.org,站点目录为html/www

  比如某个链接只允许内网访问, 外网不可以访问

  http://www.augustyang.org/test    -----------内网可以访问

  http://www.augustyang.org/test    -----------外网不可访问

需要用到模块 ngx_http_access_module  (实现访问控制模块)  

  The ngx_http_access_module module allows limiting access to certain client addresses.

官方样例

location / {
    deny  192.168.1.1;
    allow 192.168.1.0/24;
    allow 10.1.1.0/16;
    allow 2001:0db8::/32;
    deny  all;
}

官方链接:nginx.org/en/docs/http/ngx_http_access_module.html

Directives
Syntax:    allow address | CIDR | unix: | all;
Default:    —
Context:    http, server, location, limit_except

 

配置www.conf配置文件

# 172.16.1 内网网段可以访问,其他网段不可以访问

[root@web01 extra1]# cat www.conf 
  server {
        listen       80;
        server_name  www.augustyang.org;
        root   html/www;
        index  index.html index.htm;
       location /test {
          allow  172.16.1.0/24;
          deny    all;
      }
    }

 

创建测试访问资源

/application/nginx/html/www/test
[root@web01 test]# cat  yang.html 
11111111111111111111

 

reload

测试(内网)

[root@web01 test]# curl www.augustyang.com/test/yang.html
11111111111111111111

 

测试(外网)

  不可以访问

 

 

location 知识

location [ = | ~ | ~* | ^~ ] uri { ... }
=         --- 精确匹配网站uri资源信息
~          --- 区分大小写匹配网站uri资源信息
~*          --- 不区分大小写匹配网站uri资源信息
^~        --- 优先匹配网站uri资源信息
/AV/       --- 指定匹配网站资源目录信息
/          --- 默认匹配网站资源信息
! -        -- 对匹配的内容进行取反

 

 

location = / {
[ configuration A ]               --- 优先级最高 ①
}

location / {                  --- 所有匹配都不满足时候,匹配默认location ④
[ configuration B ]
}

location /documents/ {             --- 根据资源目录进行匹配 ③
[ configuration C ]
}

location ^~ /images/ {               --- 优先匹配 ②
[ configuration D ]
}

location ~* \.(gif|jpg|jpeg)$ {           --- 不区分大小写匹配网站资源 ③
[ configuration E ]
}

 

官方实例  http://nginx.org/en/docs/http/ngx_http_core_module.html#location

 

 

 

 

二.Nginx服务rewrite模块功能说明

 

官网实例: http://nginx.org/en/docs/http/ngx_http_rewrite_module.html#rewrite

 

last
  stops processing the current set of ngx_http_rewrite_module directives and starts a search for a new location matching the changed URI;
break
  stops processing the current set of ngx_http_rewrite_module directives as with the break directive;
redirect
  returns a temporary redirect with the 302 code; used if a replacement string does not start with “http://”, “https://”, or “$scheme”;
permanent
  returns a permanent redirect with the 301 code.

 

last  #本条规则匹配完成后,继续向下匹配新的location URI规则

break  #本条规则匹配完成即终止,不再匹配后面的任何规则

redirect  #返回302临时重定向,浏览器地址会显示跳转后的URL地址

permanent  #返回301永久重定向,浏览器地址栏会显示跳转后的URL地址

 

测试

augustyang.org   跳转到 www.augustyang.org

示例一:

[root@web01 conf]# cat extra1/www.conf 
  server {
        listen       80;
        server_name  augustyang.org;
        #root   html/www;
        #index  index.html index.htm;
    rewrite ^/(.*) http://www.augustyang.org/$1 permanent;
    }

  server {
        listen       80;
        server_name  www.augustyang.org;
        root   html/www;
        index  index.html index.htm;
    }

 

 

示例二:

  server {
    listen        80;
    server_name    augustyang.org www.augustyang.org;
    root           html/www;
    index          index.html index.htm;
    if ($host ~* "^augustyang.org$") {
           rewrite ^/(.*) http://www.augustyang.org/$1 permanent;
        }
 }

 

 

测试过程:

 

[root@web01 ~]# curl augustyang.org
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>


[root@web01 ~]# curl  -L augustyang.org
10.0.0.7 www.augustyang.org


[root@web01 ~]# curl  -Lv augustyang.org

* About to connect() to augustyang.org port 80 (#0)
*   Trying 172.16.1.7... connected
* Connected to augustyang.org (172.16.1.7) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: augustyang.org
> Accept: */*
> 
< HTTP/1.1 301 Moved Permanently
< Server: nginx/1.12.2
< Date: Wed, 12 Dec 2018 02:56:15 GMT
< Content-Type: text/html
< Content-Length: 185
< Connection: keep-alive
< Location: http://www.augustyang.org/
< 
* Ignoring the response-body
* Connection #0 to host augustyang.org left intact
* Issue another request to this URL: 'http://www.augustyang.org/'
* About to connect() to www.augustyang.org port 80 (#1)
*   Trying 172.16.1.7... connected
* Connected to www.augustyang.org (172.16.1.7) port 80 (#1)
> GET / HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: www.augustyang.org
> Accept: */*
> 
< HTTP/1.1 200 OK
< Server: nginx/1.12.2
< Date: Wed, 12 Dec 2018 02:56:15 GMT
< Content-Type: text/html
< Content-Length: 28
< Last-Modified: Tue, 11 Dec 2018 09:32:16 GMT
< Connection: keep-alive
< ETag: "5c0f8420-1c"
< Accept-Ranges: bytes
< 
10.0.0.7 www.augustyang.org
* Connection #1 to host www.augustyang.org left intact
* Closing connection #0
* Closing connection #1

 

posted on 2018-12-11 18:15  augustyang  阅读(250)  评论(0)    收藏  举报

导航